Legal

HIPAA Notice of Privacy Practices

Effective January 1, 2026

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Kindr Health, Inc. ("Kindr Health", "we", "us") is required by the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") and its implementing regulations to protect the privacy of your protected health information ("PHI"), provide you with this Notice of our legal duties and privacy practices, follow the terms of the Notice currently in effect, and notify you in the event of a breach of unsecured PHI. PHI is information that identifies you and relates to your past, present, or future physical or mental health, the care you receive, or payment for that care.

1. How we may use and disclose your PHI without your authorization

Treatment

We use and disclose your PHI to provide, coordinate, and manage your healthcare. For example, your Kindr Health clinician reviews your intake, lab results, and medication history to determine an appropriate treatment plan, and shares your prescription with our partner compounding pharmacy so it can be filled and shipped to you.

Payment

We use and disclose your PHI to bill and collect payment for the services and medications you receive — for example, to charge your card on file, process refunds, or verify HSA/FSA eligibility.

Healthcare operations

We use and disclose PHI for operational purposes such as quality assessment, clinician review, training, accreditation, business planning, and care coordination across our clinical team.

Business associates

We share PHI with third-party vendors that perform services on our behalf — including our compounding pharmacy, telehealth platform provider, hosting and infrastructure partners, analytics providers, payment processor, and shipping carriers. Each business associate is contractually required under a HIPAA Business Associate Agreement to protect your PHI to the same standards we follow.

As required by law

Public health activities, including disease reporting and FDA adverse event reporting.
Reporting suspected abuse, neglect, or domestic violence.
Health oversight activities, audits, and licensure investigations.
Judicial and administrative proceedings (court orders, subpoenas, discovery requests).
Law enforcement purposes within the limits of HIPAA.
Coroners, medical examiners, and funeral directors.
Organ and tissue donation organizations.
To avert a serious threat to health or safety.
Specialized government functions (military, national security, protective services, inmates).
Workers' compensation programs as authorized by state law.

2. Uses and disclosures that require your written authorization

The following always require your written authorization. You may revoke an authorization at any time in writing, except to the extent we have already acted in reliance on it:

Most uses and disclosures of psychotherapy notes.
Use or disclosure of PHI for marketing purposes (other than face-to-face communications and promotional gifts of nominal value).
Sale of your PHI.
Any other use or disclosure not described in this Notice.

3. Special protections — sensitive information

Certain categories of information receive additional protection under federal and state law, including HIV/AIDS status, mental health and substance use disorder treatment records, genetic information, and reproductive health information. Where state law is more restrictive than HIPAA, we follow the stricter rule.

4. Your rights regarding your PHI

Right to inspect and copy

You may inspect and obtain a copy of your medical record, generally within 30 days of a written request. We may charge a reasonable cost-based fee for copying.

Right to request amendment

You may request that we amend information you believe is incorrect or incomplete. We may deny the request in limited circumstances and will provide a written explanation.

Right to an accounting of disclosures

You may request an accounting of disclosures of your PHI made for purposes other than treatment, payment, healthcare operations, or those you authorized, generally for the six years prior to your request.

Right to request restrictions

You may request restrictions on certain uses and disclosures. We are not required to agree to most restrictions, but if you pay for a service in full out-of-pocket, you may restrict disclosure to a health plan for purposes of payment or healthcare operations.

Right to confidential communications

You may request that we communicate with you about medical matters in a specific way or at a specific location (for example, by email rather than mail). We will accommodate reasonable requests.

Right to a paper copy of this Notice

You may request a paper copy of this Notice at any time, even if you have agreed to receive it electronically.

Right to be notified of a breach

You have the right to be notified following a breach of your unsecured PHI in accordance with the HIPAA Breach Notification Rule.

Right to opt out of fundraising

If we send fundraising communications, you may opt out at any time. Opting out will not affect your treatment or payment.

5. Our duties

Maintain the privacy and security of your PHI.
Provide this Notice and abide by its terms currently in effect.
Notify you if we are unable to honor a requested restriction or confidential communication.
Notify you in the event of a breach affecting your unsecured PHI.
Not use or disclose your PHI in ways not described in this Notice without your written authorization.

6. Changes to this Notice

We reserve the right to change the terms of this Notice at any time and to make the new Notice provisions effective for all PHI we maintain. The current Notice will always be posted on our website with its effective date.

7. Complaints

If you believe your privacy rights have been violated, you may file a complaint with our Privacy Officer or directly with the U.S. Department of Health and Human Services, Office for Civil Rights. We will not retaliate against you for filing a complaint.

U.S. Department of Health and Human Services, Office for Civil Rights
200 Independence Avenue, S.W., Washington, D.C. 20201
1-877-696-6775 · hhs.gov/ocr/complaints

8. Contact our Privacy Officer

Privacy Officer
Kindr Health, Inc.
425 Page Mill Rd
Palo Alto, CA 94306
Email: privacy@kindr.health

This Notice is provided to satisfy Kindr Health's obligations under 45 C.F.R. § 164.520. It is informational and is not a contract. State law may grant you additional rights.